(20096) Support systemd on Fedora 15 and up #145

Merged
merged 1 commit into from Apr 13, 2013

Projects

None yet

3 participants

@ecbypi
Contributor
ecbypi commented Apr 5, 2013

Add a check to see if running Fedora 15 in order to use init scripts
provided by systemd. This adds compatibility for systemd on Fedora,
which currently returns an incorrect failure message when persisting
rules.

@ecbypi ecbypi (20096) Support systemd on Fedora 15 and up
Add a check to see if running Fedora 15 in order to use init scripts
provided by systemd. This adds compatibility for systemd on Fedora,
which currently returns an incorrect failure message when persisting
rules.
5d21303
@kbarber kbarber commented on the diff Apr 12, 2013
lib/puppet/util/firewall.rb
@@ -160,6 +165,13 @@ def persist_iptables(proto)
when :IPv6
%w{/sbin/service ip6tables save}
end
+ when :Fedora
+ case proto.to_sym
+ when :IPv4
+ %w{/usr/libexec/iptables.init save}
@kbarber
kbarber Apr 12, 2013 Member

I don't seem to have this file on Fedora 18 ... does it need a package to be installed to work?

@ecbypi
ecbypi Apr 12, 2013 Contributor

It seems iptables was removed in favor of firewalld in Fedora 18. Would it make sense to say Fedora 18 and up are unsupported until a firewalld provider is implemented? I'd be happy to work on a pull request for that and amend this one so it will fail on Fedora 18+.

@kbarber
kbarber Apr 12, 2013 Member

@ecbypi well, firewalld drives iptables I see. Hmm. Perhaps the module should disable firewalld, I see things should work without it - and I'm not sure if firewalld adds complete and utter coverage of iptables functionality. Some users would want to tap very specific options, and I don't think firewalld exposes them all - unless you use --direct which allows you to pass through iptables commands directly - but they look like they aren't even persisted. Damn Fedora messing with stuff :-).

@kbarber
kbarber Apr 12, 2013 Member

@ecbypi looks like that missing executable is provided with 'iptables-services' - the path is different as well, its '/usr/libexec/iptables/iptables.init' ... I think this is the rough path I would take until someone does something about a firewalld provider: a) shutdown firewalld stop it from starting b) install iptables-services c) purge and override the firewalld stuff in favour of whats in puppet.

I mean, it still works - and it gives people ongoing continuity if they already have firewall rules in puppet when they go to Fedora 18 (well, really I'm more worried about the majority moving to rhel7 here obviously).

@kbarber
kbarber Apr 12, 2013 Member

@ecbypi anyway, this isn't helping getting your patched merged. I think with this new knowledge I'd prefer to add the path variant for Fedora 18 until this is sorted. Bonus points if you wanted to do the other stuff, but at least sort out the path variant for now so people can 'manually' sort themselves out. Right now we already have other issues with Fedora 18 (conntrack module for example) so until they are sorted those users are blocked anyway.

@kbarber-jenkins-bot

Can one of the admins verify this patch?

@kbarber kbarber merged commit b2f1401 into puppetlabs:master Apr 13, 2013

1 check passed

default The Travis build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment